renovatebot / renovate

Home of the Renovate CLI: Cross-platform Dependency Automation by Mend.io
https://mend.io/renovate
GNU Affero General Public License v3.0

gitNoVerify not being used for branch deletion #29472

Closed rarkins closed 2 months ago

rarkins commented 2 months ago

Discussed in https://github.com/renovatebot/renovate/discussions/29468

Originally posted by **re-source-tech** June 6, 2024

### What would you like help with?

I would like help with my configuration

### How are you running Renovate?

Self-hosted

### If you're self-hosting Renovate, tell us which platform (GitHub, GitLab, etc) and which version of Renovate.

platform: 'azure', renovate@37.392.0

### Please tell us more about your question or problem

I placed the global configuration file `config.js` in a devops repository and placed the repository configuration file `renovate.json5` in the application repository. I want to disable pre-push hook.

`config.js`

```js
module.exports = {
  platform: 'azure',
  endpoint: 'https://dev.azure.com/my-org/',
  token: process.env.AZURE_REPO_TOKEN,
  repositories: [
    // list of repos that should be watched by renovate bot
    'my-project/my-apps'
  ],
  gitNoVerify: ["commit", "push"] // passes the `--no-verify` flag to `git commit` and `git push`
};
```

`renovate.json5`

```json5
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "enabledManagers": ["npm", "nodenv", "nvm", "bun", "meteor"], // Most managers are enabled by default. We currently only enable JavaScript and Node.js
  "azureWorkItemId": 3022, // used in the pull request
  "packageRules": [
    {
      "matchManagers": ["npm", "nodenv", "nvm", "bun", "meteor"],
      "groupName": "Package dependencies update" // All updates sharing the same groupName will be placed into the same branch/PR.
    }
  ],
  "labels": ["renovate", "dependencies"],
  "reviewers": [
    "required:Dev Team",
    "required:DevOps Team"
  ],
  "azure-pipelines": { // enable Azure Pipelines support
    "enabled": true
  },
  "baseBranches": [ // the target branch of the PR
    "feature/3022-renovate-pipeline"
  ],
  "extends": [
    "config:best-practices"
  ],
  "prConcurrentLimit": 5, // Limit to a maximum of 5 concurrent branches/PRs
  "prHourlyLimit": 5, // Rate limit PRs to maximum 5 created per hour
  "commitMessagePrefix": "3022 feature: ", // Prefix to add to start of commit messages and PR titles
  "semanticCommits": "disabled", // Renovate autodetects if your repository is already using semantic commits or not and follows suit, disable it to have customized commit prefix
  "osvVulnerabilityAlerts": true, // Use vulnerability alerts from https://osv.dev/
  "vulnerabilityAlerts": {
    "groupName": "vulnerabilityAlerts",
    "addLabels": ["renovate", "security", "vulnerability"]
  }
}
```

### Logs (if relevant)
Logs

```
INFO: Deleting orphan branch (repository=my-project/my-apps, branch=renovate/babel-eslint-replacement)
DEBUG: Git function thrown (repository=my-project/my-apps)
       "err": {
         "task": {
           "commands": [
             "push",
             "--delete",
             "origin",
             "renovate/babel-eslint-replacement"
           ],
           "format": "utf-8",
           "parser": "[function]"
         },
         "message": "husky - pre-push hook exited with code 1 (error)\n\nnode:internal/process/esm_loader:40\n internalBinding('errors').triggerUncaughtException(\n ^\nError: Required package missing from disk. If you keep your packages inside your repository then restarting the Node process may be enough. Otherwise, try to run an install first.\n\nMissing package: lint-staged@npm:13.2.0\nExpected package location: /tmp/renovate/repos/azure/my-project/my-apps/.yarn/cache/lint-staged-npm-13.2.0-204330f6dc-dcaa8fbbde.zip/node_modules/lint-staged/\n\n at makeError (/tmp/renovate/repos/azure/my-project/my-apps/.pnp.cjs:50643:34)\n at resolveUnqualified (/tmp/renovate/repos/azure/my-project/my-apps/.pnp.cjs:52157:17)\n at resolveRequest (/tmp/renovate/repos/azure/my-project/my-apps/.pnp.cjs:52209:14)\n at Object.resolveRequest (/tmp/renovate/repos/azure/my-project/my-apps/.pnp.cjs:52265:26)\n at resolve$1 (file:///tmp/renovate/repos/azure/my-project/my-apps/.pnp.loader.mjs:1991:25)\n at nextResolve (node:internal/modules/esm/hooks:864:28)\n at Hooks.resolve (node:internal/modules/esm/hooks:302:30)\n at MessagePort.handleMessage (node:internal/modules/esm/worker:196:24)\n at [nodejs.internal.kHybridDispatch] (node:internal/event_target:786:20)\n at exports.emitMessage (node:internal/per_context/messageport:23:28)\n\nNode.js v18.20.3\nerror: failed to push some refs to 'https://dev.azure.com/my-org/my-project/_git/my-apps'\n",
         "stack": "Error: husky - pre-push hook exited with code 1 (error)\n\nnode:internal/process/esm_loader:40\n internalBinding('errors').triggerUncaughtException(\n ^\nError: Required package missing from disk. If you keep your packages inside your repository then restarting the Node process may be enough. Otherwise, try to run an install first.\n\nMissing package: lint-staged@npm:13.2.0\nExpected package location: /tmp/renovate/repos/azure/my-project/my-apps/.yarn/cache/lint-staged-npm-13.2.0-204330f6dc-dcaa8fbbde.zip/node_modules/lint-staged/\n\n at makeError (/tmp/renovate/repos/azure/my-project/my-apps/.pnp.cjs:50643:34)\n at resolveUnqualified (/tmp/renovate/repos/azure/my-project/my-apps/.pnp.cjs:52157:17)\n at resolveRequest (/tmp/renovate/repos/azure/my-project/my-apps/.pnp.cjs:52209:14)\n at Object.resolveRequest (/tmp/renovate/repos/azure/my-project/my-apps/.pnp.cjs:52265:26)\n at resolve$1 (file:///tmp/renovate/repos/azure/my-project/my-apps/.pnp.loader.mjs:1991:25)\n at nextResolve (node:internal/modules/esm/hooks:864:28)\n at Hooks.resolve (node:internal/modules/esm/hooks:302:30)\n at MessagePort.handleMessage (node:internal/modules/esm/worker:196:24)\n at [nodejs.internal.kHybridDispatch] (node:internal/event_target:786:20)\n at exports.emitMessage (node:internal/per_context/messageport:23:28)\n\nNode.js v18.20.3\nerror: failed to push some refs to 'https://dev.azure.com/my-org/my-project/_git/my-apps'\n\n at Object.action (/home/vsts/.npm/_npx/05eeecd92f4e18e0/node_modules/simple-git/src/lib/plugins/error-detection.plugin.ts:42:29)\n at PluginStore.exec (/home/vsts/.npm/_npx/05eeecd92f4e18e0/node_modules/simple-git/src/lib/plugins/plugin-store.ts:54:29)\n at /home/vsts/.npm/_npx/05eeecd92f4e18e0/node_modules/simple-git/src/lib/runners/git-executor-chain.ts:124:42\n at new Promise ()\n at GitExecutorChain.handleTaskData (/home/vsts/.npm/_npx/05eeecd92f4e18e0/node_modules/simple-git/src/lib/runners/git-executor-chain.ts:121:14)\n at GitExecutorChain. (/home/vsts/.npm/_npx/05eeecd92f4e18e0/node_modules/simple-git/src/lib/runners/git-executor-chain.ts:97:40)\n at Generator.next ()\n at fulfilled (/home/vsts/.npm/_npx/05eeecd92f4e18e0/node_modules/simple-git/dist/cjs/index.js:52:24)\n at processTicksAndRejections (node:internal/process/task_queues:95:5)"
       }
```
rarkins commented 2 months ago

I have not reproduced this, and don't have time to fix, but based on code review I suspect this to be the case.

Example of normal git push checking getNoVerify(): https://github.com/renovatebot/renovate/blob/36091fd9f817b37addb3cb7d89229222d790543e/lib/util/git/index.ts#L1092-L1107

deleteBranch() not checking it: https://github.com/renovatebot/renovate/blob/36091fd9f817b37addb3cb7d89229222d790543e/lib/util/git/index.ts#L767-L770
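
A sandbox reproduction of the behaviour discussed in this thread, added here as an example (it is not Renovate's code and not written by either commenter): a repository-supplied `pre-push` hook also runs for `git push --delete`, and the deletion only gets past a failing hook when `--no-verify` is passed. The function names, the branch names `renovate/a` and `renovate/b`, the hook body and the space-separated form of the `gitNoVerify` list are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: throwaway sandbox; paths, branch names and hook body are constructed.

# `git push --delete` as in the logged task: client-side hooks run.
delete_plain() { git push --delete origin "$1" >/dev/null 2>&1; }

# Same deletion, but consulting a gitNoVerify-style list (space separated here,
# an assumption of this sketch): add --no-verify when the list contains "push".
delete_honouring_no_verify() {
  case " $2 " in
    *" push "*) git push --no-verify --delete origin "$1" >/dev/null 2>&1 ;;
    *)          delete_plain "$1" ;;
  esac
}

remote_has() { git ls-remote --exit-code --heads origin "$1" >/dev/null 2>&1; }

# Runs in a subshell so the caller's working directory is untouched.
# Prints "<plain result> <no-verify result>".
run_demo() (
  sandbox=$(mktemp -d) || exit 1
  git init -q --bare "$sandbox/remote.git" 2>/dev/null || exit 1
  git init -q "$sandbox/work" 2>/dev/null && cd "$sandbox/work" || exit 1
  git config user.email "bot@example.invalid"
  git config user.name "example bot"
  git config commit.gpgsign false
  git remote add origin "$sandbox/remote.git"
  git commit -q --allow-empty -m init
  # Create both remote branches before the hook exists.
  git push -q origin HEAD:refs/heads/renovate/a HEAD:refs/heads/renovate/b 2>/dev/null || exit 1
  # Always-failing pre-push hook, standing in for the husky hook in the log.
  mkdir -p "$sandbox/hooks"
  printf '#!/bin/sh\nexit 1\n' > "$sandbox/hooks/pre-push"
  chmod +x "$sandbox/hooks/pre-push"
  git config core.hooksPath "$sandbox/hooks"

  delete_plain renovate/a || true
  if remote_has renovate/a; then plain=blocked; else plain=deleted; fi
  delete_honouring_no_verify renovate/b "commit push" || true
  if remote_has renovate/b; then bypass=blocked; else bypass=deleted; fi
  cd / && rm -rf "$sandbox"
  echo "$plain $bypass"
)

run_demo   # prints: blocked deleted
```

The same sandbox shows the operational side of the setting: any push-type operation that omits `--no-verify` executes hook code from the cloned repository inside the runner, so a check for the flag has to cover deletions as well as ordinary pushes.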